[ossec-dev] ossec-hids: ossec_rules.xml (NEW) [dcid]
Module name: ossec-hids
Changes by: dcid 06/08/28 14:32:40
Added files:
ossec_rules.xml
Log message:
Description: Adding ossec related rules and decoder. Adding extra decoder for pam also.
Reviewed by: dcid
Bug:
--- NEW FILE: ossec_rules.xml ---
<!-- Official ossec rules for the OSSEC HIDS
- Author: Daniel B. Cid
- Date: Aug 23, 2006 (v0.1)
-->
<group name="syslog,ossec">
<rule id="500" level="0">
<decoded_as>ossec</decoded_as>
<description>Grouping of ossec rules.</description>
</rule>
<rule id="501" level="3">
<if_sid>500</if_sid>
<if_fts />
<options>alert_by_email</options>
<match>Agent started</match>
<description>New ossec agent connected.</description>
</rule>
<rule id="502" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Ossec started</match>
<description>Ossec server started.</description>
</rule>
<rule id="503" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Agent started</match>
<description>Ossec agent started.</description>
</rule>
<rule id="504" level="3">
<if_sid>500</if_sid>
<options>alert_by_email</options>
<match>Agent disconnected</match>
<description>Ossec agent disconnected.</description>
</rule>
</group> <!-- SYSLOG,OSSEC -->
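Review bot: rules 501 and 503 carry the identical `<match>Agent started</match>` under the same `<if_sid>500</if_sid>`, and the only thing separating them is `<if_fts />` in 501, so the "new agent" versus "agent started" distinction depends entirely on the ossec decoder, which is not part of this file, declaring the first-time-seen fields. Suggest an XML comment above 501 naming the decoded field the first-time-seen check keys on and noting that 503 is the fallback for later occurrences. The `<match>` strings in 501 through 504 are also unanchored, so any ossec-decoded line containing those words will raise an `alert_by_email` alert; matching on more of the message text would narrow that.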
OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.